U.S. Government Blames North Korea for WannaCry

The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries.

Calling it a “careless and reckless” attack, White House Homeland Security Adviser Tom Bossert said Tuesday at a White House press briefing that the attack “affected individuals, industry, governments and the consequences went beyond economic.”

The WannaCry outbreak was a massive worldwide ransomware attack that used the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. A number of security experts, including those at Kaspersky Lab, have linked the WannaCry attacks to North Korea’s Lazarus Group, an outfit either within that country’s government or acting on its behalf.

“After careful investigation, the U.S. today publicly attributes the massive WannaCry cyberattack to North Korea,” Bossert wrote in an article for the Wall Street Journal on Tuesday.

Bossert said the U.S. shared its WannaCry analysis with other governments, such as the United Kingdom, Australia, Canada, New Zealand and Japan, and that they also agreed to “denounce” North Korea for the WannaCry attacks. He said Microsoft and others in the cybersecurity community also helped trace WannaCry back to North Korea.

“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless,” Bossert said.

Tim Erlin, VP of Product Management and Strategy at Tripwire, said accurate attribution for cyber attacks is almost always a difficult task. “It’s doubly so when the evidence leading to the conclusion can’t be shared,” he said.

“This conclusion about North Korea’s culpability isn’t new. The UK discussed the very same conclusion in October, with the very same caveats about sharing the actual evidence. You can’t arrest a nation-state, which inevitably prevents any real closure on an incident like WannaCry,” Erlin said. “If we’re going to have national security organizations delivering these types of conclusions on attribution to the public, we need to find a way to develop trusted output.”

Researchers said the attackers behind the May outbreak of WannaCry ransomware used EternalBlue, the codename for an exploit made public by the mysterious group that is in possession of offensive hacking tools allegedly developed by the NSA.

EternalBlue is a remote code execution attack that takes advantage of an SMBv1 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked.

The attackers did not make a concerted effort to collect on ransom demands of approximately $300 in Bitcoin in exchange for a decryption key that would unlock any files encrypted during the WannaCry attack. Experts also said WannaCry’s well-documented killswitch was an odd choice to include in the ransomware, something that researchers still haven’t completely figured out.

Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested in August in Las Vegas and charged with creating and distributing the Kronos banking malware.

In a Wall Street Journal op-ed, Bossert called on the private sector to increase its “accountability in the cyber realm by taking actions that deny North Korea.” He also referenced action by Microsoft and “others” who “acting on their own initiative last week, without any direction or participation by the U.S.” disrupted the activities of North Korean hackers.

“Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet,” he said.

Authors

Threatpost
